CVE-2026-0508HIGH 8.1EPSS p19.5%

CVE-2026-0508CVE-2026-0508

Description

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
EPSS0.28% probability of exploitation · percentile 19.5% · 2026-06-19T12:03:05Z
Published2026-02-10
Last modified2026-02-17

Underlying weaknesses· 1

CWE-601

References

  1. https://me.sap.com/notes/3674246
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessURL Redirection to Untrusted Site ('Open Redirect')cwe-6010%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-0061
CVE
CVE-2026-34257
CVE
CVE-2026-0507
CVE
CVE-2026-27682
CVE
CVE-2026-24315
CVE
CVE-2026-44743
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.